
CompTIA CS0-003 Exam - Topic 4 Question 34 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 34
Topic #: 4

A SOC receives several alerts indicating user accounts are connecting to the company's identity provider through non-secure communications. User credentials for accessing sensitive, business-critical systems could be exposed. Which of the following logs should the SOC use when determining malicious intent?

Suggested Answer: D

Intrusion detection system (IDS) logs provide visibility into network traffic patterns and can help detect insecure or unusual connections. They show whether non-secure protocols are in use, which is what could expose credentials in this scenario. According to CompTIA CySA+, IDS logs are essential for identifying malicious activity related to communications and network intrusions. Options like DNS (A) and tcpdump (B) provide network details, but an IDS specifically monitors for intrusions and unusual activity relevant to security incidents.
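To make the reasoning concrete, here is an added triage example (not from the exam or the site) that runs over constructed IDS records in an eve.json-like shape: it flags connections to an assumed identity-provider address over protocols that carry credentials in cleartext, and ranks sources that also triggered an IDS signature first. The IdP address, port/protocol pairs and log lines are all assumptions for illustration.

```python
import json
from collections import defaultdict

# Assumed identity-provider address and the cleartext protocols that would carry credentials.
IDP_HOSTS = {"10.0.5.20"}
CLEARTEXT_AUTH = {("http", 80), ("ldap", 389)}

# Constructed records in an eve.json-like shape (one JSON object per line); not real captures.
SAMPLE_LOG = """
{"event_type":"alert","src_ip":"10.0.8.14","dest_ip":"10.0.5.20","dest_port":389,"app_proto":"ldap","alert":{"signature":"CONSTRUCTED LDAP cleartext simple bind"}}
{"event_type":"flow","src_ip":"10.0.8.14","dest_ip":"10.0.5.20","dest_port":389,"app_proto":"ldap"}
{"event_type":"flow","src_ip":"10.0.8.22","dest_ip":"10.0.5.20","dest_port":636,"app_proto":"tls"}
{"event_type":"flow","src_ip":"10.0.8.31","dest_ip":"10.0.5.20","dest_port":80,"app_proto":"http"}
{"event_type":"flow","src_ip":"10.0.8.31","dest_ip":"10.0.5.20","dest_port":443,"app_proto":"tls"}
{"event_type":"flow","src_ip":"10.0.8.40","dest_ip":"10.0.9.9","dest_port":80,"app_proto":"http"}
{"event_type":"flow","src_ip":"10.0.8.5
"""

def parse_events(text):
    """Parse JSON lines, skipping blank or truncated lines so one bad record does not stop triage."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events

def is_cleartext_idp_connection(ev):
    """True when the flow targets the IdP over a protocol that sends credentials unencrypted."""
    return ev.get("dest_ip") in IDP_HOSTS and (ev.get("app_proto"), ev.get("dest_port")) in CLEARTEXT_AUTH

def triage(events):
    """Summarise cleartext IdP connections per source; sources with IDS signatures rank first."""
    summary = defaultdict(lambda: {"count": 0, "signatures": set()})
    for ev in events:
        if not is_cleartext_idp_connection(ev):
            continue
        entry = summary[ev["src_ip"]]
        entry["count"] += 1
        if ev.get("event_type") == "alert":
            entry["signatures"].add(ev["alert"]["signature"])
    return sorted(summary.items(),
                  key=lambda kv: (len(kv[1]["signatures"]), kv[1]["count"]), reverse=True)

if __name__ == "__main__":
    for src, entry in triage(parse_events(SAMPLE_LOG)):
        print(src, entry["count"], sorted(entry["signatures"]))
```

Encrypted connections (ports 443/636 over TLS) and traffic to other hosts are dropped, so only the sources worth an analyst's attention remain.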


Contribute your Thoughts:

Louann
3 months ago
I’m surprised this is even a question, tcpdump is a no-brainer!
upvoted 0 times
Azalee
3 months ago
IDS logs could also provide insights on potential threats.
upvoted 0 times
Gertude
3 months ago
Wait, are we sure DNS logs are irrelevant?
upvoted 0 times
Shakira
4 months ago
Totally agree, tcpdump gives you the raw data you need!
upvoted 0 times
Bettina
4 months ago
I think tcpdump would be the best choice here.
upvoted 0 times
Shanice
4 months ago
IDS logs seem like a good choice since they can detect anomalies in traffic, but I wonder if they would catch everything related to non-secure communications.
upvoted 0 times
Mertie
4 months ago
I feel like the Directory logs could show user access patterns, but I'm not confident they would indicate if the connections were secure or not.
upvoted 0 times
Alecia
4 months ago
I think tcpdump might be useful here since it captures all network traffic, but I can't recall if it provides enough context for malicious intent.
upvoted 0 times
Lovetta
5 months ago
I remember we discussed how DNS logs can help identify unusual domain requests, but I'm not sure if they would show the actual connection method used.
upvoted 0 times
Azalee
5 months ago
I'm a bit confused by this question. There are a few different log types listed, and I'm not sure which one would be the most appropriate to use in this situation. I'll need to think it through carefully and try to determine which log would provide the most relevant information to investigate the potential malicious activity.
upvoted 0 times
Lucia
5 months ago
Okay, I think I've got this. The key here is that the question is asking about user accounts connecting to the identity provider through non-secure communications, which could expose sensitive credentials. So I'm going to go with tcpdump, since that would allow me to analyze the network traffic and look for any suspicious activity.
upvoted 0 times
Glen
5 months ago
Hmm, this is a tricky one. I'm not entirely sure which log would be the best to use in this scenario. I'll need to review the options carefully and think about what kind of information each log would provide that could help determine malicious intent.
upvoted 0 times
Kenda
5 months ago
This seems like a straightforward question about identifying the appropriate logs to investigate potential malicious activity. I'll need to think through the different log types and which one would be most relevant for tracking user account connections and potential credential exposure.
upvoted 0 times
Eura
1 year ago
I'm with Kris on this one. IDS logs all the way! Although, I did hear a rumor that the IT guy's cat keeps walking on the keyboard and messing with the settings. Gotta watch out for those furry hackers, you know.
upvoted 0 times
Sheridan
1 year ago
Directory logs? Really? That seems like a bit of a stretch. I'd go with the IDS logs - can't go wrong with that.
upvoted 0 times
Darell
1 year ago
DNS logs might also be useful in identifying any suspicious activity.
upvoted 0 times
Reid
1 year ago
I think tcpdump could also provide valuable information to determine malicious intent.
upvoted 0 times
Marge
1 year ago
I agree, IDS logs are definitely the way to go in this situation.
upvoted 0 times
Rebecka
1 year ago
Hmm, I'm not so sure. Wouldn't the tcpdump logs give you a more comprehensive view of the network traffic? That seems like the logical choice to me.
upvoted 0 times
Lynna
1 year ago
User 4: IDS logs might help identify any malicious intent in the network traffic.
upvoted 0 times
Willard
1 year ago
User 3: Directory logs could also be useful to track user account activity.
upvoted 0 times
Lorrie
1 year ago
User 2: I agree, tcpdump logs can provide a comprehensive view of the communication.
upvoted 0 times
Terrilyn
1 year ago
User 1: I think tcpdump logs would be the best choice to analyze network traffic.
upvoted 0 times
Kris
1 year ago
I think the IDS logs would be the best option to determine malicious intent. They would provide the most detailed information about the suspicious network activity.
upvoted 0 times
Adell
1 year ago
D: Directory logs might give us information on which user accounts are involved in the suspicious activity.
upvoted 0 times
Theron
1 year ago
C: DNS logs could also be helpful in tracking down the source of the non-secure connections.
upvoted 0 times
Cora
1 year ago
B: What about using tcpdump logs? Wouldn't they also show us network traffic details?
upvoted 0 times
Tequila
1 year ago
A: I agree, IDS logs would give us the most insight into any malicious activity.
upvoted 0 times
Tora
1 year ago
I agree with Meaghan. tcpdump can capture network traffic and help identify any suspicious activity.
upvoted 0 times
Meaghan
1 year ago
I think the SOC should use tcpdump to determine malicious intent.
upvoted 0 times